807 matches found
The vulnerability of the Simple Key-Management for Internet Protocol (SKIP) protocol implementation in the PDF viewer macro of the XWiki PDF Viewer (Pro) allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the SKIP protocol implementation in the PDF viewer macro of XWiki PDF Viewer Macro Pro relates to the improper generation of keys. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Zangi Private Messenger messaging application, related to deficiencies in the session key generation mechanism, allows a hacker to execute a “man-in-the-middle” attack.
The vulnerability of the Zangi Private Messenger messaging application is related to deficiencies in the mechanism for generating session keys. Exploiting this vulnerability could allow a remote attacker to carry out a “man-in-the-middle” attack...
goTenna Pro Security Feature Issue Vulnerability
goTenna Pro is a series of devices from goTenna that can create networks for off-grid communications and situational awareness. A security signature issue vulnerability exists in goTenna Pro that stems from not using strong random numbers when generating its cryptographic keys...
SUSE CVE-2024-46795
In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding...
UBUNTU-CVE-2024-46795
In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding...
PT-2024-28973 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to improper input validation in the getRegistration of RemoteProvisioningService.java. This could lead to a local denial of service, where the AndroidKeyStore key...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google, Inc. in the United States. A security vulnerability exists in Google Android that stems from the getRegistration method in the RemoteProvisioningService.java file containing an improperly validated input, and there is a...
CGA-W2CW-H7WW-HFH9
Bulletin has no description...
Use Of A Key Past Its Expiration Date
moodle/moodle is vulnerable to Use of a Key Past its Expiration Date. The vulnerability is caused due to improper key generation, as the same key is used interchangeably for a user's QR login key and their auto-login key. This allows an attacker to exploit the same key used interchangeably for a...
CVE-2024-38277
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two...
PT-2024-27916 · Alt Linux · Alt Linux
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns the generation of unique keys for QR login and auto-login. Currently, the same key can be used interchangeably between the two, which is insecure. A unique key...
CGA-Q3QV-FJ7W-9JWC
Bulletin has no description...
Remote Code Execution (RCE)
passbolt/passboltapi is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper input sanitization during the server's PGP key generation, allowing users to inject shell code during installation...
libssh security update
0.9.6-14 - Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP) - Fix CVE-2023-6918 Missing checks for return values for digests - Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection of malicious code through hostname - Note: version is bumped from 12 to 14...
CVE-2024-3185
A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges. This wa...
CVE-2024-3185 Rapid7 Insight Agent Sensitive Key Exposed To Local Users
A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges. This wa...
[SECURITY] Fedora 38 Update: jose-13-1.fc38
José is a command line utility for performing various tasks on JSON Object Signing and Encryption (JOSE) objects. José provides a full crypto stack including key generation, signing and encryption...
[SECURITY] Fedora 39 Update: jose-13-1.fc39
José is a command line utility for performing various tasks on JSON Object Signing and Encryption (JOSE) objects. José provides a full crypto stack including key generation, signing and encryption...
Cisco IP Phones Duplicate Key (CVE-2022-20817)
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could resul...